如何通过本地主机在ActiveMQ中使用SSL

我正在尝试通过SSL / TLS在本地连接到activeMQ消息代理，但是我无法使身份验证正常工作。

我遵循了activeMQ站点中有关SSL的instructions，并且遵循了该其他用户解决方案的example。我已经如下设置了activemq.xml：

   <transportConnectors>
       <transportConnector name="ssl" uri="ssl://0.0.0.0:61714?trace=true&amp;needClientAuth=true"/>
   </transportConnectors>

和：

   <sslContext>
      <sslContext keyStore="file:/home/tom/apache-activemq-5.15.8/conf/broker.ks" 
            keyStorePassword="password" 
            trustStore="file:/home/tom/apache-activemq-5.15.8/conf/client.ks" 
            trustStorePassword="password" />
   </sslContext>

然后我在activeMQ基本目录中将以下代码作为可运行的JAR文件运行：

    public static void main(String[] args) throws Exception {

        String uri = "ssl://0.0.0.0:61714";
        ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(uri);

        System.out.println("about to create the connection");
        Connection connection = connectionFactory.createConnection();
        System.out.println("about to start the connection");
        connection.start();

    }

带有以下参数，在activeMQ基本目录中运行：

java -jar -Djavax.net.ssl.keyStore = conf / client.ks -Djavax.net.ssl.keyStorePassword =密码-Djavax.net.ssl.trustStore = conf / client.ts“ App.jar”

同时还运行activemq控制台。这是来自JAR的错误堆栈跟踪的顶部：

about to create the connection 
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.activemq.util.IntrospectionSupport (file:/home/tom/apache-activemq-5.15.8/App_lib/activemq-all-5.15.8.jar) to method sun.security.ssl.SSLSocketImpl.setHost(java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.apache.activemq.util.IntrospectionSupport
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Exception in thread "main" javax.jms.JMSException: Could not connect to broker URL: ssl://0.0.0.0:61714. Reason: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

这是来自activeMQ控制台的堆栈的顶部：

 INFO | Connector ssl started
 INFO | Apache ActiveMQ 5.15.8 (localhost, ID:toms-HP-Notebook-PC-37849-1548377226145-0:1) started
 INFO | For help or more information please see: http://activemq.apache.org
 INFO | No Spring WebApplicationInitializer types detected on classpath
 INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
 INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
 INFO | Initializing Spring FrameworkServlet 'dispatcher'
 INFO | No Spring WebApplicationInitializer types detected on classpath
 INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml
ERROR | Could not accept connection from tcp://127.0.0.1:38482 : {}
javax.net.ssl.SSLException: Received fatal alert: internal_error
    at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)[:]
    at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:159)[:]
    at java.base/sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2046)[:]
    at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1207)[:]
    at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)[:]
    at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)[:]

我不确定我是否对activeMQ有基本的误解，或者我在某处缺少一个小细节。